Splunk Cloud Platform和Splunk Enterprise 安全漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk...

Splunk Enterprise 9.1.0 < 9.1.10, 9.2.0 < 9.2.7, 9.3.0 < 9.3.5, 9.4.0 < 9.4.3 (SVD-2025-0709)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-0709 advisory. - In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103,...

Splunk Cloud Platform和Splunk Enterprise 安全漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk...

Splunk Enterprise 9.1.0 < 9.1.10, 9.2.0 < 9.2.7, 9.3.0 < 9.3.5, 9.4.0 < 9.4.3 (SVD-2025-0704)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-0704 advisory. - In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104,...

Splunk Cloud Platform和Splunk Enterprise 信息泄露漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk, Inc. of the U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. An information disclosure vulnerability exists...

Splunk Enterprise 操作系统命令注入漏洞

Splunk Enterprise is a suite of data collection and analytics software from Splunk Corporation in the United States. Splunk Enterprise suffers from an operating system command injection vulnerability that stems from improper input cleanup and could lead to remote command execution. The following...

Splunk Enterprise 访问控制错误漏洞

Splunk Enterprise is a suite of data collection and analytics software from Splunk Corporation in the United States. An access control error vulnerability exists in Splunk Enterprise, which stems from a missing access control and could result in shutting down scheduled searches. The following...

Exploit for Path Traversal in Splunk

CVE 2024-36991 - A path-traversal vulnerability that allows an...

The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, arises from insufficient protection of registration data. This vulnerability allows attackers to gain unauthorized access to protected information.

The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, is related to insufficient protection of registration data. Exploiting this vulnerability could allow an attacker...

Splunk Universal Forwarder 9.1 < 9.1.9, 9.2 < 9.2.6, 9.3 < 9.3.4, 9.4 < 9.4.2 (SVD-2025-0602)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-0602 advisory. - In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an...

The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to execute arbitrary code.

The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVE-2025-20297

In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint th...

CVE-2025-20297

In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint th...

CVE-2025-20297

In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint th...

CVE-2025-20298

CVE-2025-20298 affects Splunk Universal Forwarder for Windows prior to 9.4.2, 9.3.4, 9.2.6, and 9.1.9. The issue arises during a new installation or upgrade, where permissions on the default installation directory (C:\Program Files\SplunkUniversalForwarder) can be incorrectly assigned, allowing n...

CVE-2025-20297 Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component

In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint th...

CVE-2025-20297

Vulnerability CVE-2025-20297 affects Splunk Enterprise before 9.4.2, 9.3.4, and 9.2.6, and Splunk Cloud Platform before 9.3.2411.102, 9.3.2408.111, and 9.2.2406.118. A low-privileged user can craft a payload via the pdfgen/render REST endpoint, potentially executing unauthorized JavaScript in a u...

CVE-2025-20297 Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component

In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint th...

Splunk Universal Forwarder 安全漏洞

Splunk Universal Forwarder is a Splunk component from Splunk, Inc. A security vulnerability exists in Splunk Universal Forwarder versions prior to 9.4.2, prior to 9.3.4, prior to 9.2.6, and prior to 9.1.9 that stems from improperly assigned installation directory permissions...

PT-2025-23542 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.4.2 Splunk Enterprise versions prior to 9.3.4 Splunk Enterprise versions prior to 9.2.6 Splunk Cloud Platform versions prior to 9.3.2411.102 Splunk Cloud Platform versions prior to 9.3.2408.111 Splunk Clo...